Jump to main content

Do People Use Different Passwords for Different Accounts?

1
2
3
4
5
223 reviews

Abstract

Do you ever use a password to log in to a computer, email account, or website? Do you use the same password for each one? Even if your password is very long or hard to guess, using the same password for many accounts can still be risky. If someone manages to find out your password (for example, via a phishing attack, or if you write your passwords down and someone finds the piece of paper), they could easily access many of your accounts. However, memorizing lots of different passwords can be difficult and confusing. In this computer science project, you will conduct a survey to see how many different passwords people use.

Summary

Areas of Science
Difficulty
 
Time Required
Long (2-4 weeks)
Prerequisites
None
Material Availability
Readily available
Cost
Very Low (under $20)
Safety
No issues
Credits
Ben Finio, Ph.D., Science Buddies

Objective

Conduct a survey to determine how many different passwords people use to access personal electronic devices and online information, such as computer logins, email, social networking, and work accounts.

Introduction

If you have a computer or email account, chances are that you use a password to log in to them. A password is a series of characters made up of letters, numbers, and/or symbols from your computer's keyboard that acts like a virtual "key" to access a private account or data. If someone guesses or finds out your password, it's as if they stole a key that lets them into your house. All sorts of bad things can happen as a result. People who try to steal other people's passwords with malicious intent are called hackers or cyber thieves. Some hackers claim that they are just out to have fun or to prove a political point (for example, by changing pictures or text on the website of a politician with whom they disagree); but others commit serious crimes like electronically stealing money from bank accounts or opening new accounts in a person's name using his or her information.

One of the best precautions you can take is to use passwords that are hard to guess. Many passwords are extremely common, such as "password", "123456", or "qwerty", and these are the first passwords hackers will try when they want to access someone's account. Security experts typically recommend using a combination of letters (uppercase and lowercase), numbers, and symbols, as well as completely avoiding spelling out words that can be found in the dictionary, or using names (especially of family members or pets). Though not guaranteed, following these guidelines makes your password much harder for a human to guess, and means automated computer programs that are used by hackers will take much longer to guess it. There are even online tools that will estimate how long a password will take to guess (see the Bibliography section for references on common passwords and password security tips).

Most people have more than one account that they log in to for different online activities, like email, social networking, and various electronic devices (computers, cell phones, tablets etc.). Security experts agree that if you have more than one account, you need more than one password. Even if you have a very strong password, it could be dangerous to use the same one for all of those different logins. For example, some people write their passwords down, which is a bad idea, because the paper could be stolen. You could also lose your password due to a phishing attack. A phishing attack is when a malicious fake website is set up to look like an exact duplicate of a legitimate website; for example a bank or email service. When you enter your login information, you then give criminals access to your username and password, which they can use to log in to the real website. For example, say that you fall victim to a phishing attack on your email account. Hackers now have your email username and password. Let's say you also have an account on a shopping website like Amazon.com, where you use your email address as a login, and use the same password. And maybe you also have credit card information stored in your Amazon.com profile. This means that hackers could log in to your Amazon account and use your money to make purchases!

These are some of the reasons why security experts recommend using different passwords for different accounts. However, it can be difficult to try and remember a dozen different passwords. In this cybersecurity science project, you will conduct a survey to find out how many different passwords people actually use for different accounts. The exact design of the survey will be up to you (for example, you might put different questions on the survey depending on whether you intend to give it to adults or classmates). You will then analyze your data to see how many passwords people typically use, and whether people tend to use the same password for online access in certain categories, like email, social networking, work/school accounts, online gaming, etc.

Terms and Concepts

Bibliography

Materials and Equipment

Experimental Procedure

Working with Human Test Subjects

There are special considerations when designing an experiment involving human subjects. Fairs affiliated with Regeneron International Science and Engineering Fair (ISEF) often require an Informed Consent Form (permission sheet) for every participant who is questioned. Consult the rules and regulations of the science fair that you are entering, prior to performing experiments or surveys. Please refer to the Science Buddies documents Projects Involving Human Subjects and Scientific Review Committee for additional important requirements. If you are working with minors, you must get advance permission from the children's parents or guardians (and teachers if you are performing the test while they are in school) to make sure that it is all right for the children to participate in the science fair project. Here are suggested guidelines for obtaining permission for working with minors:

  1. Write a clear description of your science fair project, what you are studying, and what you hope to learn. Include how the child will be tested. Include a paragraph where you get a parent's or guardian's and/or teacher's signature.
  2. Print out as many copies as you need for each child you will be surveying.
  3. Pass out the permission sheet to the children or to the teachers of the children to give to the parents. You must have permission for all the children in order to be able to use them as test subjects.
  1. Design your survey for one target audience, such as all students or all adults. You need to make a list of devices and accounts that you want to ask people about, and create a form where they can mark which password they use for which account. Important: Do not actually ask people to give you their passwords. You could ask people to use letters or numbers (for example, "A", "B", "C" or "1", "2", "3" etc.) to represent their different passwords.
    1. For example, perhaps your parent has an email account where they use the password "secret" and an account at the bank where they use the password "Fido" (the name of your dog). They would refer to "secret" as "A" in your survey and "Fido" as "B" to give you data without giving away the passwords (both of these passwords, by the way, are far from secure and would be guessed very quickly by a hacker).
    2. Tables 1 and 2 show two example surveys and instructions, with a couple ideas to get you started. Table 1 is designed for adults, and Table 2 for kids. You can use Table 1 or 2 to start your survey, and add or delete rows as you see fit. Make sure your survey includes an introductory paragraph that explains what the survey is for and gives directions on how to fill it out.

Adult Password Use Survey: Please mark the right-hand column with a letter (A, B, C, etc.) representing the password you use for that account. Do not enter your actual password! If you do not have the account listed, leave the row blank. If you have the listed account, but do not have a password, write "none."

Account or Device Password
Home computer 
Work computer  
Laptop  
Cell phone  
Other electronic device (specify: )  
Personal email 1  
Personal email 2  
Personal email 3  
Work email  
Work network  
Online banking  
Online credit card  
Online retirement account  
Kids' school/report card system  
Cell phone bill/account  
Cable/internet bill/account  
Utility bill 1 (e.g. gas, electric, water)  
Utility bill 2 (e.g. gas, electric, water) 
Utility bill 3 (e.g. gas, electric, water)  
Online shopping 1 (e.g. Amazon, eBay)  
Online shopping 2 (e.g. Amazon, eBay)  
Facebook  
Twitter  
LinkedIn  
Table 1. This table is a survey designed for adults, who probably have more login accounts related to work and paying bills than your classmates do. If you are doing your survey with adults, you can use this table to get you started, but remember that you can add or delete rows as you see fit.

Kid Password Use Survey: Please mark the right-hand column with a letter (A, B, C, etc.) representing the password you use for that account. Do not enter your actual password! If you do not have the account listed, leave the row blank. If you have the listed account, but do not have a password, write "none."

Account or Device Password
Home computer 
School computer/system  
Cell phone  
Game console (e.g. Xbox, Playstation, Wii) 
Facebook  
Twitter  
Other social networking  
Other social networking  
Gaming 1 (e.g. Minecraft, World of Warcraft) 
Gaming 2 (e.g. Minecraft, World of Warcraft) 
Gaming 3 (e.g. Minecraft, World of Warcraft) 
Music 1 (e.g. Pandora, Spotify, Grooveshark) 
Music 2 (e.g. Pandora, Spotify, Grooveshark)  
Music 3 (e.g. Pandora, Spotify, Grooveshark)  
Table 2. This table is a survey designed for kids, who may be more likely to have accounts related to school and entertainment (like gaming, music, and social networking) than adults. If you are giving the survey to a group of kids, you can modify the rows to match games and websites that you know they use (this survey was written in May 2013, and we know that new social networking sites and games pop up all the time, so we can't predict the future!). Remember that you can also add new rows.
  1. Decide how you are going to distribute your survey. You have several options:
    1. Print paper copies of your survey and have people fill them out.
    2. Email people your survey and ask them to return it to you in electronic form.
    3. Use an online survey tool like Survey Monkey or the "Forms" tool in Google Docs (there are many other options you can find by doing an online search for "survey tool").
  2. Distribute your survey. How you do this will depend on which method you chose in step 2. Make sure you explain what the survey is about to your participants. You should ask people to respond to you by a certain date.
  3. Collect your survey responses. You may need to remind some people if they forgot to fill out your survey.
  4. Now it is time to analyze your data. First, tally up the total number of passwords for each individual who responded to your survey. Table 3 shows an example of how to keep track of this.
Name Total Number of Passwords
Person #1  
Person #2  
Person #3  
Table 3. A data table to keep track of the total number of passwords each person had. Add rows to the table as needed.
  1. Next, create a histogram of your data. A histogram is like a bar graph that shows how often something occurs. In this case, the x-axis of your histogram is "Total Number of Passwords (X)", and the y-axis of your histogram is "Number of People Who Had 'X' Passwords". It may help to first put your data in a new table like this:
Total Number of Passwords (X) Number of People Who Had "X" Passwords
0 
1 
2 
3 
4 
5 
6 
7 
8 
Table 4. This data table will help you create your histogram (you can add rows if necessary). For example, if three people who responded to your survey had a total of five passwords, you would enter a "3" in the right-hand column in the row for 5 total passwords.
  1. Look at the shape of your histogram; does it fit a normal distribution or does it have a different shape? Can you draw any conclusions about password use from your histogram? Remember that your data might be skewed if some people do not have accounts at all for certain items in your survey. This will make it appear that they have fewer passwords, so be careful not to jump to any conclusions based on your histogram. You will do more data analysis in steps 8 and 9.
    Technical Note:

    You could account for this skewed information mentioned in step 7 by normalizing your data; that is, dividing each person's total number of passwords by their total number of accounts. For example (to keep things simple), say your survey only has four items, which are all social networking: Facebook, Google+, Twitter, and LinkedIn. Your first survey respondent has all four accounts, but only uses two passwords total. That person's normalized score would be 2 ÷ 4 = 0.5. Your second survey respondent also has two passwords, but does not have Twitter or LinkedIn accounts at all. That person's score would be 2 ÷ 2 = 1.0. So, the second person's "score" is actually better, even though both people have the same number of passwords total. The first person is at a higher risk by using the same passwords for multiple accounts. If you make a new histogram with these normalized scores, it may have a different shape than your histogram that just used total number of passwords.

  2. Now it is time to analyze whether people are more likely to use the same password for certain groups of accounts than others. Create a new data table that breaks your different accounts/devices into categories. There will be multiple ways to do this depending on how you designed your survey (Tables 5 and 6 show two different examples). Keep track of how many people use the same password for everything in each category, and how many people use different passwords for everything in each category. You might want to include some items in multiple categories; for example, "work computer" could fit into both "work" and "device" categories. Depending on the results of your survey, you may also need to add a column for "No Passwords."
Category Device/Account # of People with Same Password for Each # of People with Different Passwords for Each
Email Home email  
Work email   
Devices Laptop   
Cell phone   
Social networking Twitter   
Facebook   
Table 5. One example table to keep track of how many people use the same password for every item in different categories (email, devices, and social networking). Remember that exactly how you assign your categories is up to you and will depend on your survey.

Category Device/Account # of People with Same Password for Each # of People with Different Passwords for Each
Work Work computer   
Work email  
Work network  
Personal Home computer   
Home email  
Online gaming  
Table 6. Another example table to keep track of how many people use the same password for everything in certain categories; in this case, work and personal. Remember that the exact design of your data table is up to you, depending on how you formatted your survey
  1. Create a graph to illustrate your results from step 8. This will make it easier to visualize your data. Figure 1 shows a blank example graph based on Table 5.
Example bar graph for password usage contains no data

An example bar graph showing password usage patterns. The bar graph includes number of people on the y-axis and categories (email, devices and social networking) on the x-axis. A legend in the top-right indicates that same passwords are colored in red and different passwords are colored in blue. No data points are displayed on the graph.


Figure 1. An example bar graph that can be used to visualize whether more people tend to use the same password or tend to use different passwords for various categories. This graph is based on the categories in Table 5, but you should make sure your graph corresponds to the categories you chose.
  1. Analyze your results using the graph you made in step 9. Are there certain categories where people are more likely to use the same password for everything? Do you think this poses a security risk? Remember that there are multiple overall aspects of password security, including using a complex password that is hard to guess. Just using different passwords for every site and account you log in to does not necessarily make you safer if all of those passwords are short and simple. Sometimes a password alone is not enough to break in to an account; for example, many online banking systems require a 10-digit (or more) account number (instead of something obvious like an email address) as a login name, and a four-digit Personal Identification Number (PIN) in addition to a password. However, as a general rule of thumb, it is still a good idea not to use the same password over and over again for different accounts. Your survey is just looking at this one aspect of password security, but can you draw any general conclusions from your results? See the "Make it My Own" tab for some ideas about more-comprehensive password security surveys.
icon scientific method

Ask an Expert

Do you have specific questions about your science project? Our team of volunteer scientists can help. Our Experts won't do the work for you, but they will make suggestions, offer guidance, and help you troubleshoot.

Variations

  • Security experts also suggest changing your passwords frequently. Design and conduct a new survey to determine how often people change their passwords. Do they change them more frequently for some accounts than for others?
  • Modify your survey to include demographic information, such as age or profession. Are different age groups or people with different jobs more likely to have more or fewer passwords? For example, you might expect "tech-savvy" people who work in the information technology industry to have more passwords, and senior citizens to have fewer passwords; is that true?
  • Design a survey to measure password quality as defined by security experts (again, without having your survey respondents reveal their actual passwords). For example, many experts recommend using combinations of numbers, symbols, and uppercase and lowercase letters; using longer passwords; and completely avoiding names and dictionary words.

Careers

If you like this project, you might enjoy exploring these related careers:

Career Profile
Have you ever seen a story on the news about how a company or government agency was "hacked" and people's personal information, like names, addresses, or credit card numbers, was stolen? It is an information security analyst's job to prevent that from happening. Organizations hire information security analysts to analyze possible threats against their computer systems, which can range from malicious hackers trying to steal data to careless employees who accidentally forget to log out of a… Read more

News Feed on This Topic

 
, ,

Cite This Page

General citation information is provided here. Be sure to check the formatting, including capitalization, for the method you are using and update your citation, as needed.

MLA Style

Science Buddies Staff. "Do People Use Different Passwords for Different Accounts?" Science Buddies, 22 June 2023, https://www.sciencebuddies.org/science-fair-projects/project-ideas/HumBeh_p057/human-behavior/do-people-use-different-passwords-for-different-accounts?from=Blog. Accessed 19 Mar. 2024.

APA Style

Science Buddies Staff. (2023, June 22). Do People Use Different Passwords for Different Accounts? Retrieved from https://www.sciencebuddies.org/science-fair-projects/project-ideas/HumBeh_p057/human-behavior/do-people-use-different-passwords-for-different-accounts?from=Blog


Last edit date: 2023-06-22
Top
We use cookies and those of third party providers to deliver the best possible web experience and to compile statistics.
By continuing and using the site, including the landing page, you agree to our Privacy Policy and Terms of Use.
OK, got it
Free science fair projects.